Analyzing important factors in cybersecurity incidents using table-top exercise
Abstract
In recent years, the threat of cyber-attacks has been increasing year by year, and various organizations should take countermeasures against it. In the face of this growing threat, organizations need to take not only technical measures but also human countermeasures. Because cyber-attacks themselves are becoming more sophisticated, it is important for organizations to prepare countermeasures and organizational structures on the assumption that incidents caused by cyber-attacks will occur. Moreover, organizations are required to minimize the damage caused by cyber-attack incidents and to continue their business operations. This study focused on human countermeasures, especially organizational structures, designed an incident response exercise, and conducted it with approximately 60 members of a critical infrastructure company in Japan. Based on the records of the exercise and the results of the post-exercise questionnaire, the study examines the organizational and human barriers that organizations may face in incident response and the organizational structure that minimizes the damage from incidents. The incident response exercise was based on a scenario in which a hypothetical local infrastructure company was infected with ransomware and could not fulfill its role as a local infrastructure. The roles of management, the IT department, and upper-level managers and personnel in the field departments were defined, and how incident response would be conducted from each position was examined. The exercise was recorded chronologically using the chronology used in disaster recovery, and the instructions, including who gave them and to whom, were organized in chronological order so that the participants could look back on the details of their responses after the exercise. A questionnaire survey was conducted after the exercise, and the exercise itself received a high evaluation, with an average score of 4 or higher out of 5.
In addition, information on important items in incident response, including changes before and after the exercise, was collected through free-response statements. Context-based evaluation and analysis of the collected results revealed what members of the Japanese critical infrastructure community consider important in incident response. Furthermore, from the contents recorded in the chronology during the exercise, the process of escalation and decision-making to management and upper management was analyzed to identify barriers, such as delays in reporting and decision-making, that may lead to the expansion of incident damage. In addition, based on the results of these analyses, we will examine these issues further and make recommendations on the organizational structure and transfer of authority for rapid incident response.
Keywords: Cybersecurity, Incident Response, Human Factor Countermeasures, Resilience, Table Top Exercise
DOI: 10.54941/ahfe1004770
AHFE Open Access